moved the previous commit files into envfiles

2024-06-22 19:33:56 -06:00
parent 81e74871a1
commit 0cea6b3495
14 changed files with 91 additions and 73 deletions
--- a/modules/servers/flame.nix
+++ b/modules/servers/flame.nix
@@ -8,7 +8,7 @@ in {
    flameSecret.enable = lib.mkEnableOption "enable";
  };
  config = lib.mkIf config.my.servers.flame.enable {
-    sops.secrets.flame = { };
+    sops.secrets.flame.sopsFile = ../../secrets/env.yaml;
    virtualisation.oci-containers = {
      backend = "docker";
      containers = {
@@ -20,11 +20,11 @@ in {
            "${config.my.containerData}/flame:/app/data"
            "${config.my.containerSocket}:${config.my.containerSocket}"
          ];
+          environmentFiles = [ config.sops.secrets.flame.path ];
          environment = {
            TZ = "America/Mexico_City";
            PUID = "1000";
            PGID = "100";
-            PASSWORD_FILE = config.sops.secrets.flame-password.path;
          };
        };
        flame-nsfw = {
@@ -32,11 +32,11 @@ in {
          image = "pawelmalak/flame";
          ports = [ "${toString portSecret}:${toString port}" ];
          volumes = [ "${config.my.containerData}/flame-nsfw:/app/data" ];
+          environmentFiles = [ config.sops.secrets.flame.path ];
          environment = {
            TZ = "America/Mexico_City";
            PUID = "1000";
            PGID = "100";
-            PASSWORD_FILE = config.sops.secrets.flame-password.path;
          };
        };
      };
--- a/modules/servers/kavita.nix
+++ b/modules/servers/kavita.nix
@@ -1,7 +1,10 @@
 { lib, config, proxyReverse, ... }: {
  options.my.servers.kavita.enable = lib.mkEnableOption "enable";
  config = lib.mkIf config.my.servers.kavita.enable {
-    sops.secrets.kavita-token = { };
+    sops.secrets.kavita-token = {
+      owner = config.users.users.kavita.name;
+      inherit (config.users.users.kavita) group;
+    };
    users.users.kavita = {
      isSystemUser = true;
      group = "kavita";
--- a/modules/servers/maloja.nix
+++ b/modules/servers/maloja.nix
@@ -5,12 +5,13 @@ let
 in {
  options.my.servers.maloja.enable = lib.mkEnableOption "enable";
  config = lib.mkIf config.my.servers.maloja.enable {
-    sops.secrets."maloja/password" = { };
+    sops.secrets.maloja.sopsFile = ../../secrets/env.yaml;
    virtualisation.oci-containers = {
      backend = "docker";
      containers.maloja = {
        image = "krateng/maloja";
        ports = [ "${toString port}:${toString port}" ];
+        environmentFiles = [ config.sops.secrets.maloja.path ];
        environment = {
          TZ = "America/Mexico_City";
          MALOJA_TIMEZONE = "-6";
@@ -18,8 +19,6 @@ in {
          PGID = "100";
          MALOJA_DATA_DIRECTORY = "/mljdata";
          MALOJA_SKIP_SETUP = "true";
-          MALOJA_FORCE_PASSWORD =
-            "cat ${config.sops.secrets."maloja/password".path}";
        };
        volumes = [ "${config.my.containerData}/maloja:/mljdata" ];
        labels = {
--- a/modules/servers/mealie.nix
+++ b/modules/servers/mealie.nix
@@ -6,10 +6,7 @@ let
 in {
  options.my.servers.mealie.enable = lib.mkEnableOption "enable";
  config = lib.mkIf config.my.servers.mealie.enable {
-    sops.secrets = {
-      "smtp/email" = { };
-      "smtp/password" = { };
-    };
+    sops.secrets.mealie.sopsFile = ../../secrets/env.yaml;
    virtualisation.oci-containers = {
      backend = "docker";
      containers.mealie = {
@@ -17,6 +14,7 @@ in {
        image = "ghcr.io/mealie-recipes/mealie:v1.4.0";
        ports = [ "${toString port}:9000" ];
        volumes = [ "${config.my.containerData}/mealie:/app/data/" ];
+        environmentFiles = [ config.sops.secrets.mealie.path ];
        environment = {
          TZ = "America/Mexico_City";
          ALLOW_SIGNUP = "true";
@@ -27,9 +25,6 @@ in {
          BASE_URL = url;
          SMTP_HOST = "smtp.gmail.com";
          SMTP_PORT = "587";
-          SMTP_FROM_EMAIL = "cat ${config.sops.secrets."smtp/email".path}";
-          SMTP_USER = "cat ${config.sops.secrets."smtp/email".path}";
-          SMTP_PASSWORD = "cat ${config.sops.secrets."smtp/password".path}";
        };
        extraOptions = [
          "--memory=1g" # VA-API (omit for NVENC)
--- a/modules/servers/multi-scrobbler.nix
+++ b/modules/servers/multi-scrobbler.nix
@@ -6,34 +6,22 @@ let
 in {
  options.my.servers.multi-scrobbler.enable = lib.mkEnableOption "enable";
  config = lib.mkIf config.my.servers.multi-scrobbler.enable {
-    sops.secrets = {
-      "maloja/apikey" = { };
-      "multi-scrobbler/deezer/client-id" = { };
-      "multi-scrobbler/deezer/client-secret" = { };
-    };
+    sops.secrets.multi-scrobbler.sopsFile = ../../secrets/env.yaml;
    virtualisation.oci-containers = {
      backend = "docker";
      containers.multi-scrobbler = {
        image = "foxxmd/multi-scrobbler";
        ports = [ "${toString port}:${toString port}" ];
+        environmentFiles = [ config.sops.secrets.multi-scrobbler.path ];
        environment = {
          TZ = "America/Mexico_City";
          PUID = "1000";
          PGID = "100";
          BASE_URL = url;
-          # JELLYFIN_USER = "jawz";
-          # JELLYFIN_SERVER = "DaniloFlix";
-          DEEZER_CLIENT_ID = "cat ${
-              config.sops.secrets."multi-scrobbler/deezer/client-id".path
-            }";
-          DEEZER_CLIENT_SECRET = "cat ${
-              config.sops.secrets."multi-scrobbler/deezer/client-secret".path
-            }";
          DEEZER_REDIRECT_URI = "http://${config.my.miniserver-ip}:${
              toString port
            }/deezer/callback";
          MALOJA_URL = "https://maloja.${config.my.domain}";
-          MALOJA_API_KEY = "cat ${config.sops.secrets."maloja/apikey".path}";
          WS_ENABLE = "true";
        };
        volumes = [ "${config.my.containerData}/multi-scrobbler:/config" ];
--- a/modules/servers/ryot.nix
+++ b/modules/servers/ryot.nix
@@ -6,23 +6,17 @@ in {
  options.my.servers.ryot.enable = lib.mkEnableOption "enable";
  config = lib.mkIf
    (config.my.servers.ryot.enable && config.my.servers.postgres.enable) {
-      sops.secrets = {
-        "ryot/twitch/id" = { };
-        "ryot/twitch/secret" = { };
-      };
+      sops.secrets.ryot.sopsFile = ../../secrets/env.yaml;
      virtualisation.oci-containers = {
        backend = "docker";
        containers.ryot = {
          image = "ghcr.io/ignisda/ryot:v5.5.0";
          ports = [ "8765:8000" ];
+          environmentFiles = [ config.sops.secrets.ryot.path ];
          environment = {
            TZ = "America/Mexico_City";
            DATABASE_URL = "postgres:///ryot?host=${config.my.postgresSocket}";
            FRONTEND_INSECURE_COOKIES = "true";
-            VIDEO_GAMES_TWITCH_CLIENT_ID =
-              "cat ${config.sops.secrets."ryot/twitch/id".path}";
-            VIDEO_GAMES_TWITCH_CLIENT_SECRET =
-              "cat ${config.sops.secrets."ryot/twitch/secret".path}";
          };
          volumes =
            [ "${config.my.postgresSocket}:${config.my.postgresSocket}" ];